The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.
lkml.org/lkml/2006/8/20/278
secunia.com/advisories/21820
secunia.com/advisories/22292
secunia.com/advisories/22382
secunia.com/advisories/22441
secunia.com/advisories/22945
secunia.com/advisories/23474
secunia.com/advisories/25691
secunia.com/advisories/25714
secunia.com/advisories/26139
support.avaya.com/elmodocs2/security/ASA-2006-249.htm
www.debian.org/security/2007/dsa-1304
www.mandriva.com/security/advisories?name=MDKSA-2006:182
www.novell.com/linux/security/advisories/2006_79_kernel.html
www.redhat.com/support/errata/RHSA-2006-0689.html
www.securityfocus.com/archive/1/448998/100/0/threaded
www.securityfocus.com/archive/1/471457
www.securityfocus.com/bid/19939
www.ubuntu.com/usn/usn-489-1
www.vupen.com/english/advisories/2006/3551
issues.rpath.com/browse/RPL-721
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9775